This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
First Last Prev Next    This bug is not in your last search results.
Bug 476736 - Make ESC to TPS communication IPv6 enabled
Make ESC to TPS communication IPv6 enabled
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: ESC (Show other bugs)
unspecified
All All
high Severity medium
: ---
: ---
Assigned To: Jack Magne
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2008-12-16 15:43 EST by Jack Magne
Modified: 2015-01-04 18:35 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:30:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to allow ESC to connect over Ipv6. (1.38 KB, patch)
2009-06-22 21:54 EDT, Jack Magne 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jack Magne 2008-12-16 15:43:43 EST 
Description of problem:

ESC uses its own HTTP library based on NSS and NSPR to communicate with the TPS when performing token operations. We want to make the minor change required to support IPv6 for this communication.

Version-Release number of selected component (if applicable):

1.0.1.x
Comment 1 Jack Magne 2009-06-22 21:54:48 EDT 
Created attachment 349024 [details]
Patch to allow ESC to connect over Ipv6.
Comment 2 Matthew Harmsen 2009-06-22 21:59:39 EDT 
attachment (id=349024) +mharmsen
Comment 3 Jack Magne 2009-06-22 22:02:53 EDT 
$ cvs  -d :ext:jmagne@cvs.fedora.redhat.com:/cvs/dirsec commit -m  Bugzilla #47
6736 -  Make ESC to TPS communication IPv6 enabled."
cvs commit: Examining .
Enter passphrase for key '/home/jack/.ssh/id_rsa':

Checking in httpClientNss.cpp;
/cvs/dirsec/esc/src/lib/NssHttpClient/httpClientNss.cpp,v  <--  httpClientNss.c
p
new revision: 1.4; previous revision: 1.3
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Comment 4 Jack Magne 2009-06-22 22:10:23 EDT 
This problem should be resolved in the next build of ESC.

To test.

1. Make sure ESC is running on a machine that is Ipv6 compatible. 

2. Make sure TPS/CA/TKS and DRM are running on a Ipv6 compatible host. It would be fine to have the Linux ESC running on the same host.

3. Make sure that the Ipv6 compatible JSS is installed on the host where the CS subsystems are to be installed. Also make sure TPS is listening on an IPv6 socket. /sbin/lsof -i6  . Then search for port 7888.

4. Put an entry in the machine's /etc/hosts like the following:

testhost6 fe80::219:b9ff:fe42:85d7

This gives a way for esc to accept a Ipv6 host name.

5. Run ESC and put in a blank token.

6. In the phone home dialog, put in the phone home URL , using the ipv6 name like:

http://testhost6:7888/cgi-bin/home/index.cgi

7. If the phone home info is accepted, then simply try to perform a Format the token. Once ESC asks for the user authentication info, we know that we have successfully made a connection to the Ipv6 socket of TPS.
Comment 5 Asha Akkiangady 2009-07-13 15:43:33 EDT 
Verified.

Successfully Enrolled and Formatted user token, esc running on an ipv6 enabled host following the steps in comment #4.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.